Attention Continuum Partners: Important Notice About Heartbleed

On April 7, 2014 information was released about a new vulnerability (CVE-2014-0160) in OpenSSL, the cryptography library that powers the vast majority of private communication across the Internet. This library is key to maintaining privacy between servers and clients, and confirming that Internet servers are who they say they are. This vulnerability, known as Heartbleed, may allow an attacker to steal the keys that protect communication, user passwords, even the system memory of a vulnerable server. This represents a major risk to large portions of private traffic on the Internet.

At this time we have no evidence that the attack has been used against any of our portals, websites or other systems. However, we take the security of our partner data very seriously and will continue to vigilantly monitor for any unauthorized behavior.

As the leader of our security team, I can assure you that we are working aggressively to assess and update any of our systems that rely on OpenSSL. We have also been in touch with our technology partners to ensure they are doing the same. We are committed to the protection of our partners and will provide product-specific updates if and when necessary.

If you are a Continuum Partner and you remain concerned, here are some actions you can take:

We will be sure to keep all of our partners up to date on any developments as they happen via email, RSS and social media. Please contact your regional support teams with any questions.

UPDATE ON CONTINUUM VAULTFor any partners with questions regarding Heartbleed and Continuum Vault, we have confirmed that Continuum Vault does not use OpenSSL so was not impacted by Heartbleed. If you have any questions please leave them in the comments section.

UPDATE ON ContinuumUWe have updated the certificate on ContinuumU. Please direct any questions to the comments section.

UPDATE ON LOGMEIN (4/11/14 11:00pm ET)

Earlier today (Friday, 4/11), LogMeIn announced that LogMeIn Pro used OpenSSL on their blog. We have been working with LogMeIn tonight to ensure we have all required information to advise you properly. We are also in the process of running an analysis to confirm that client endpoints have been updated with the newest version which resolves this issue. Please watch for further communication on Saturday for recommendations on what actions you and your clients should take next.

As Chief Information Officer (CIO), Hunter is expected to take Continuum's IT operations to the next level of performance as our company continues its rapid growth and expansion. Most recently, Hunter served as Senior Vice President and Chief Technology Officer for Acadian Asset Management. Prior to Acadian, Hunter held positions at Plymouth Rock Companies as Director of Enterprise Technology Services as well as positions at Hobbs/Madison, MFS Investment Management and CSC Consulting. Hunter has a bachelor’s degree in computer science from Dartmouth College. He is responsible for all IT resources for Continuum’s U.S. and India locations.